Firstly, Offensive Security’s Metasploit Unleashed. The course material, available free of charge here, is finally out. Sometime next month the exam and an additional course video will be made available for a small fee. It must be mentioned, the money raised by this course is donated to the “I Hack for Charity” created by Johnny Long. So by taking the course, you are not only learning to use a valuable penetration and assessment tool, you are giving to a good cause.

—

A little quicky on how to update Backtrack 4 ‘s kernel.

root@bt4# apt-get update
root@bt4# apt-get install -d linux-image
root@bt4# cd /var/cache/apt/archives/
root@bt4# dpkg -i --force-all linux-image-2.6.30.5_2.6.30.5-10.00.Custom_i386.deb
root@bt4# apt-get dist-upgrade

I suggest a reboot here to see if all is good (you should see 2 kernels available at the grub screen).

root@bt4# apt-get remove --purge 2.6.29*
root@bt4# reboot

Again with Backtrack 4: If you plan on using Hydra (or XHydra) against SSH, you might be in for a little surprise. The stock version of Hydra distributed on BT4 is not compiled with the necessary SSH libraries. You’ll need to recompile it. I found a nice how-to on the Remote Exploit forum (full thread). It’s the same for Medusa too, so redoing that is needed as well…

If this doesn’t work, do what I did… Download the library and read the error messages. It’s all clearly explained…

—

A quick note, another Joomla exploit was released not too long ago (no big surprise), but what makes me mention this is the timing in which it came out. Seeing that I work for an ISP and Web/Application hosting company, being aware of these things can sometimes come in handy. Two days after this exploit was published, I was asked by one of our partners for a web space set up with Joomla. The boss told me to make it happen; knowing it was full of vulnerabilities, he said “…put the latest version please…”. In response: “Sure no problem, but I just have to tell you that a remote exploit came out on that version 2 days ago”. It hasn’t been installed.

Sometimes the power of knowledge and a little assurance in one’s speech can go a long way.

Something that I enjoy doing, and which helps understanding buffer overflows / exploit coding is practice.

Grab a known vulnerable application, find a PoC (proof of concept) and start from there. Here’s a start for anyone trying. Had loads of fun with this one:

Easy Chat Server 2.2

- First find and download the application (trial version should do fine), try this
- Install the application (make sure it works)
- Get a debugger (I suggest Ollydbg)
- Copy paste this PoC, it’s python but you can rewrite it in a language you may be more familiar with. Remember to change the IP/Port settings to your own Easy Chat Server [this is based on his0k4’s exploit on Exploit-DB]

==================================================
#!/usr/bin/python
#Bug :
#EFS Easy Chat Server Authentication Request
#Buffer Overflow Exploit (SEH)
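The PoC header above names the bug class (an authentication request copied into a fixed-size stack buffer) without showing the code pattern behind it. The following is an added example written for this page, not the blog author’s PoC and not code from Easy Chat Server: a toy request handler in its vulnerable form next to the bounds-checked form that would have closed the bug. The names `USER_MAX`, `handle_auth_unsafe` and `handle_auth_safe` and the sample requests are all made up here.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the blog post and not Easy Chat Server code.
 * A toy "authentication request" handler of the kind stack/SEH overflow
 * PoCs target: a fixed-size stack buffer filled from network-controlled data.
 * USER_MAX, handle_auth_unsafe and handle_auth_safe are invented names. */

#define USER_MAX 32

/* Vulnerable form: copies the username with no length check.
 * An over-long name overruns 'user' and whatever sits after it on the stack
 * (saved frame pointer, return address, and on Windows the SEH chain),
 * which is what you watch happen in the debugger when the PoC fires. */
int handle_auth_unsafe(const char *username)
{
    char user[USER_MAX];
    strcpy(user, username);          /* BUG: no bounds check */
    return (int)strlen(user);
}

/* Hardened form: measure with a bound, reject what does not fit, then copy.
 * Returns the stored length, or -1 if the request is rejected. */
int handle_auth_safe(const char *username)
{
    char user[USER_MAX];
    size_t n = 0;
    while (n < USER_MAX && username[n] != '\0')   /* never scan past the limit */
        n++;
    if (n >= USER_MAX)               /* no room for the terminating NUL */
        return -1;
    memcpy(user, username, n);
    user[n] = '\0';
    return (int)n;
}

/* Constructed sample requests: a normal name and a 200-byte filler pattern
 * of the size a PoC would send to overflow USER_MAX. */
int demo_safe_accepts_normal(void)
{
    return handle_auth_safe("alice");    /* 5 */
}

int demo_safe_rejects_overflow(void)
{
    char big[201];
    memset(big, 'A', 200);
    big[200] = '\0';
    return handle_auth_safe(big);        /* -1 */
}

int main(void)
{
    printf("normal request   -> %d\n", demo_safe_accepts_normal());
    printf("200-byte request -> %d\n", demo_safe_rejects_overflow());
    /* handle_auth_unsafe(big) is deliberately not called here: with the
     * 200-byte request it smashes the stack instead of returning. */
    return 0;
}
```

The point of the pair is the check, not the crash: the safe version never reads or writes beyond `USER_MAX`, so the same 200-byte request that the PoC sends is simply refused. When practising with a real target, this is the fix you should be able to describe once you understand why the PoC works.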


Well, it’s been a while since I’ve posted. Family and work are taking most of my time. I’ve also started practicing with exploit code and buffer overflows: taking an application with a known vulnerability, then starting with a working PoC and writing an exploit from there.

I would love to take the time and write up my experiences in this matter, but seeing that there are hundreds of websites/posts on this subject, I’ll just post 2 of my favorites. Well written and very understandable.